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DETAILED ACTION 

1 . The amendment received on 10/09/07 has been entered. 

Response to Arguments 

2. The abstract received on 10/09/07 has been accepted and the objection to the 
specification has been withdrawn. 

3. Similarly, the amendment to claim 4-6, 9-1 1 and 15-16 overcame the claim 
objections and the 35 USC § 101 rejection cited in the previous Office Action. 

4. Applicant's arguments are essentially directed towards the newly introduced 
limitations: "disabling when the virus detecting unit detects infected data, 
transmission of the data outside the hub unit to the communication devices directly 
connected to the hub unit, other than a communication device that transmitted the 
infected data " (e.g. claim 1) and "the virus spreading preventing unit registers a 
transmission lower layer address of a communication device that transmitted the 
data to the hub unit" (e.g. claim 2). 

5. These newly introduced limitations are addressed in this Office Action, below. 

6. The text of those sections of Title 35, U.S. Code not included in this action can be 
found in a prior Office Action. 

7. Claims 1-19 have been examined. 



Claim Rejections - 35 USC §112 
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The following is a quotation of the first paragraph of 35 U.S.C. 1 1 2: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

8. Claims 2, 8, 16 and 18 are rejected under 35 U.S.C. 112, first paragraph, as failing 
to comply with the written description requirement. The claim(s) contains subject 
matter which was not described in the specification in such a way as to reasonably 
convey to one skilled in the relevant art that the invehtor(s), at the time the 
application was filed, had possession of the claimed invention. In particular the 
original specification does not disclose "a transmission lower layer address". 

9. Claims 2, 8, 16 and 18 are rejected under 35 U.S.C. 112, second paragraph, as 
failing to set forth the subject matter which applicant(s) regard as their invention. 
The newly introduced term: "a transmission lower layer address" is not understood 
and there is no guidance in the specification what this term represents. For purpose 
of the further examination the term is treated as referring to MAC addresses. 

Appropriate correction is required. 

Claim Rejections - 35 USC § 102 or 103 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 

form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 
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(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

10. Claims 1, 3-5, 15, 17 and 19 are rejected under 35 U.S.C. 102(e) as anticipated by 
Campbell (USPN 20040003284) 

Campbell discloses a hub system (Fig. 2 object 72) performing monitoring data for 
viruses in "on-line" mode. 

1 1. As per claims 4, 19, Cambell discloses the hub that stores virus pattern information 
(Virus Database, Fig. 2 object 100 and associated text, e.g. [19-20]) and data 
received from any device (packets 122 in the packet queue 120 [27] received from a 
plurality of user computers, e.g. 92, 94, 96, 98 through a plurality of communication 
ports 80, 82, 84, 86 and 88 for example [17]). Campbell discloses disabling 
transmission of virus infected data outside of a hub unit to communication devices 
for any of the data that the hub unit determines is infected with a virus based on the 
stored virus pattern information (a packet is forwarded to a destination only if the 
packet is clean, i.e., no match with any virus pattern is found, [29]). 

12. The examiner points out that claim 19 is broad enough to accommodate teaching of 
transmitting data outside of hub even if the data is found to be infected, as long as 
the virus is removed from the data, as shown by Gryaznov (USPN 2003/0070087). 

13. As per claims 1,15 and 17, Cambell discloses a first memory unit (virus database 
100 disclosed in Fig. 2), a second memory unit (e.g. packet queue 122), a virus 
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detecting unit (e.g. virus scanner 126) and a virus spreading preventing unit (e.g. 
switching control 78) that disables transmission of the data outside the hub unit to 
the communication devices directly connected to the hub unit (as indicated in 
paragraph [28] disclosing shutting off the port on which the infected computer is 
connected to prevent any further spreading of the virus to any device). Finally, 
Cambell discloses that the transmission of the data outside the hub unit does not 
prevent transmission of the data outside the hub unit to the communication device 
that transmitted the infected data (even after the detection of the virus in data, the 
port is open for the communication with the communication device that transmitted 
the data in order to alert the device that it is infected [28]). 

14. The discussed teaching reads on claim 3. Disabling transmission is not limited to 
only previously received data from a first communication device and in fact the 
previously received data at some point was a newly received data. Additionally, as 
discussed above, Cambell disclose preventing transmitting data received on the port 
from the "infected" communication device. Thus, any following data will also be 
prevented from reaching other communication devices, which reads on claim 5. 

Claim Rejections - 35 USC § 102 or 103 

15. Claims 2, 7-10, 12, 16 and 18 are rejected under 35 U.S.C. 102(e) as anticipated by 
or, in the alternative, under 35 U.S.C. 103(a) as obvious over Campbell (USPN 
20040003284). 
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As per claim 9-10, Cambell discloses stopping infected data at the system as 
discussed above. 

16. As per claim 7, Cambell does not explicitly disclose a third memory unit storing 
transmission addresses of the plurality of the communication devices. However, the 
limitation is at least implicit, if not inherent. First of all in network communication 
devices sending data use destination addresses. Additionally, as clearly shown by 
Cambell, the hub system comprises a plurality of ports providing network connection 
between a plurality of computers (Fig. 2 and [17], for example). Thus, the hub 
system must have some way to associate the data communication between the 
communicating parties (computers) and this association must keep track of not only 
a sources and destinations addresses but also a ports used for the communication 
(see USPUB 2006/0041683, "Background of the Invention", USPN 6115385, Fig. 9 
for example, etc.). 

17. The examiner points out that even if Cambell's invention somehow was not utilizing 
a memory unit storing transmission addresses of a plurality of the communication 
devices (e.g. constantly sending a broadcast, which would be rather odd and 
irrational solution) storing transmission addresses of a plurality of the communication 
devices in a memory unit (in a table or a database) would have been obvious to one 
of ordinary skill in the art at the time of applicant's invention to given the benefit of 
efficiency. 

18. Similarly, as per claims 2, 16 and 18, the examiner points out that in lower layer 
address (e.g. MAC) are necessarily used in the communication between network 
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devices, even if only higher layer (IP addresses) are disclosed. The reason is that 
lower layer addresses are addresses that are used for communicating data over 
physical medium (network wire). This is particularly true in LAN environment that 
utilizes Hubs. Furthermore, even if somehow only a higher layer addresses were 
utilized (thus stored in memory unit storing transmission addresses of the plurality of 
communication devices) storing and utilizing lower layer addresses such as MAC 
addresses would have been an obvious variation, well known in the art (see 
previously cited references), and one would have been motivated to use them 
especially in light of the benefits of these technologies as evidenced by their 
commercial success. 

19. Note that the discussed feature reads on the claim limitation, although it appears, 
that applicant intention was to articulate registering the lower layer address of an 
"infected" communication device after it is found to provide infected data. However, 
this interpretation would also not overcome the art of record. In order to perform a 
particular action a computer must identify/flag (or register) an object of the action, 
especially if a change to the status of the object (such as identifying a computer 
device using address/port to implement the block on communication between the 
port and other ports, see USPN 6240530 the use of flags, for example). 

20. As per claims 8 and 12, the examiner points out that the use of source/destination 
addresses (which requires determining coincidence of addresses attached to the 
data and addresses kept by a filtering system in memory) in disabling transmission 
of data is old and well known in the art of computer security (e.g. Libenzi, USPN 
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7117533). Filtering data (disabling transmission) using addresses are much more 
efficient since computer devices must handle addresses included in data at the 
receipt and transmission of any data, and Cambpell explicitly discloses the need for 
efficient data manipulation (Campbell, e.g. [27]). Thus, the advantages of the 
determining whether the address attached to data transmitted from the device 
coincides with an address stored in the third memory unit (is marked as 
block/system infected, for example) systems of Larsson and DeBry could have been 
easily combinable with more than a reasonable expectations of success. It would 
have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to incorporate such a modification given the benefit of system's efficiency. 
21. Claims 13-14 are rejected under 35 U.S.C. 103(a) as obvious over Campbell 
(USPN 2004/0003284). 

As per claims 13-14, although Cambell call his system implementing monitor 
functionalities a router [5]), Cambell is silent in regard to the monitor to be 
(implemented in) a gateway. However, the examiner points out that the 
hub/switch/router/gateway systems have essentially similar functionalities (the data 
is communicated through the system from a source to a destination) and given the 
fact that gateways are old and well known in the art of networking (see USPUB 
2004/0047356, for example), an ordinary artisan would have been motivated to 
include CambeH's monitor in systems such as gateway given the benefit of scanning 
network packets communicating through the gateway for viruses and as a result 
preventing possible virus attacks. 
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22. Claims 6 and 1 1 are rejected under 35 U.S.C. 1 03(a) as obvious over Campbell 
(USPN 20040003284) in view of Togawa (U.S. Patent No. USPN 6240530). 
Campbell system has been discussed supra. 

23. Campbell does not disclose a display unit for notifying that data is infected with a 
virus if the detecting unit determines that the data is infected with a virus. 
Togawa discloses a display unit for notifying that data is infected with a virus if the 
detecting unit determines that the data is infected with a virus (Fig. 3 object 7, col. 24 
lines 37-43 and col. 23 lines 9-15, for example). It would have been obvious to one 
of ordinary skill in the art at the time of applicant's invention to incorporate the 
display unit as disclosed by Togawa into Campbell invention given the benefit of 
alternative means of system's operator notification. 

24. Claims 1, 4-5, 15 and 17 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Yokoyama Masatoshi (Jap. Pub. No. 10307776), hereafter Masatoshi in view of 
Campbell (USPN 20040003284). 

As per claims 1, 5, 15 and 17, Masatoshi discloses a device unit connected to 
plurality of communication devices (object 5, Fig. 1) comprising a first memory unit 
(PROM) storing virus pattern information; a second memory unit temporarily storing 
data received from any one of the communication devices (RAM); a virus detecting 
unit that determines whether the data temporarily stored in the second memory unit 
is infected with a virus or not based on the virus patterns stored in the first memory 
unit (control processor 305) (Masatoshi [0016-0017]). 
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Masatoshi transmitting to receiving-side equipment only data that is not virus 
infected is transmitted to receiving-side equipment, which clearly indicates 
invalidating infected data by a virus spreading preventing unit disabling transmission 
of the data outside the unit when the detecting unit determines that the data is 
infected with a virus. 

The device unit disclosed by Masatoshi is a central location unit providing common 
connection to a multiple devices, and thus it reads on a hub. Furthermore, even if 
applicant was to argue some more restrictive definition of a hub, of the examiner 
points out that a name of a device would not affect the functionality of the 
Masatoshi's invention. Furthermore, hubs and other communication units are well 
known in the art of computing, and implementing Masatoshi's invention to other 
network devices (such as hubs) that connect multiple network nodes would have 
been an obvious variation given the benefit of relieving the receiving-side equipment 
from checking whether the received data is safe (e.g. Masatoshi [0018]). 
25. Masatoshi does not explicitly disclose disabling transmission of the data to 
communication devices directly connected to the hub unit, other than a 
communication device that transmitted the infected data, when the virus detecting 
unit detects infected data. 

Campbell teaches such an implementation (see discussion regarding Campbell 
reference above), and it would have been obvious to one of ordinary skill in the art at 
the time of applicant's invention to disable transmission of the data to 
communication devices directly connected to the hub unit, other than a 
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communication device that transmitted the infected data, when the virus detecting 
unit detects infected data as disclosed by Campbell, given the benefit of preventing 
virus spread as well as notifying the infected communication device about the virus 
infection. 

26. As per claim 4, preventing newly received data from a first communication device to 
the communication devices reads on disabling the reception to new data from a first 
communication device. 

27. Claims 2-3, 7-10, 12-14, 16 and 18 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Yokoyama Masatoshi (Jap. Pub. No. 10307776), hereafter 
Masatoshi in view of in view of Campbell (USPN 20040003284), and further in view 
of Libenzi (USPN 71 17533) or alternatively in view of Kim (USPN 6701440). 
Masoatoshi's hub unit detecting data infected with a virus has been discussed supra. 

28. As per claims 2, Masatoshi does not disclose a memory unit storing transmission 
addresses of the plurality of the communication devices and registering a 
transmission address of a communication device that transmitted the infected data. 

29. Libenzi discloses a memory unit (Fig. 2 object 37) that stores addresses of the 
plurality of the communication devices and registering a transmission address of a 
communication device that transmitted the infected data (col. 2 lines 58-67). It would 
have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to implement a memory unit that stores addresses of the plurality of the 
communication devices and registering a transmission address of a communication 
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device that transmitted the infected data as taught by Libenzi given the benefit of 
avoiding a flood of infected message traffic. 

30. Also Kim discloses a memory unit that stores addresses of the plurality of the 
communication devices and registering a transmission address of a communication 
device that transmitted the infected data (col. 6 lines 48-64). It would have been 
obvious to one of ordinary skill in the art at the time of applicant's invention to 
include a memory unit that stores addresses of the plurality of the communication 
devices and registering a transmission address of a communication device that 
transmitted the infected data as taught by Libenzi or Kim into Masatoshi's invention. 
One of ordinary skill in the art would have been motivated to perform such a 
modification in order to ensure that the infected data is not forwarded to other 
recipients. 

31. As per claim 16, any time that data (e.g. an address) is received and operated it 
inherently involves the process of registering data. Otherwise the data could not be 
accessed or retrieved. 

32. As per claims 3, 7-9 implementation of Kim and Masatoshi's inventions would clearly 
prevent newly received data from a first communication device to the communication 
devices after determination that the first communication device is infected by a virus 
the data transmitted from the first communication devices is infected with a virus ("... 
infected messages are discarded Libenzi, col. 2 lines 55-56, and "...blocking a 
sender's address results in all e-mail messages from the blocked sender to be 
automatically deleted Kim, col. 6 lines 49-51, for example). 
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33. As per claim 10, it is clear that the above-discussed data is received from a 
communication device and any data, including the newly received data, received 
from the device, found to be infected would be invalidated. 

34. As per claims 13-14, the examiner points out that using a particular name for the 
entity (e.g. a gateway or a router) would not affect the functionality of the invention, 
especially since one of the functions of network devices such as gateway, router, 
hub etc. is to connect multiple devices. 

35. As per claim 12, although Libenzi, Kim and Masatoshi do not explicitly disclose more 
than one protection device, such as discussed above hub, being connected in a 
cascade form, the examiner points out that connecting plurality of protection devices 
in a cascade mode is well known in the art of computer networking (e.g. Fig. 1 , 
Smith USPN 7134142), and it would have been obvious to one of ordinary skill in the 
art at the time of applicant's invention to connect more than one protection device (in 
a cascade form) given the benefit of a multiple layer network protection. 
Furthermore, Libenzi, Kim and Masatoshi do not explicitly discusses that in addition 
to a one of the network devices searching data within one database (e.g. said virus 
spreading preventing unit of a device determines whether or not a transmission 
address of a communication device, attached to data transmitted from the device, 
coincides with an address stored in the third memory unit in a first hub unit among 
the plurality of the hub units) searches other databases for additional data that would 
be used for additional data validation (e.g. if it determines that there is no 
coincidence between the two addresses it successively checks for the coincidence 
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between the transmission address and addresses stored in the respective third 
memory units in the successive hub units), the examiner points out that searching 
additional databases for data that would be used for additional data validation is well 
known in the art of networking, including the art of computer security (e.g. 
searching/pulling for security updates, Smith USPN 7134142 for example), and 
implementing such a feature into Masatoshi in view of Libenzi or alternatively Kim's 
invention would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention given the benefit of data validation against the most updated 
information. Applying the rules using the updated data (if it determines that there is 
a coincidence between two addresses it disables transmission of the data to a 
communication device) would have been implicit. 

36. Claim 6 is rejected under 35 U.S.C. 103(a) as being unpatentable over Yokoyama 
Masatoshi (Jap. Pub. No. 10307776), hereafter Masatoshi in view of in view of 
Campbell (USPN 20040003284), and further in view of Togawa (U.S. Patent No. 
USPN 6240530). 

Masoatoshi's hub unit detecting data infected with a virus has been discussed supra. 

37. Masoatoshi does not disclose a display unit for notifying that data is infected with a 
virus if the detecting unit determines that the data is infected with a virus. 
Togawa discloses a display unit for notifying that data is infected with a virus if the 
detecting unit determines that the data is infected with a virus (Fig. 3 object 7, col. 24 
lines 37-43 and col. 23 lines 9-15, for example). It would have been obvious to one 
of ordinary skill in the art at the time of applicant's invention to incorporate the 
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display unit as disclosed by Togawa into Masoatoshi's invention. One of ordinary 
skill in the art would have been motivated to perform such a modification in order to 
enable an operator to decide on a course of action. 
38. Claim 11 is rejected under 35 U.S.C. 103(a) as being unpatentable over Yokoyama 
Masatoshi (Jap. Pub. No. 10307776), hereafter Masatoshi in view of in view of 
Campbell (USPN 20040003284), and Libenzi (USPN 7117533) or alternatively in 
view of Kim (USPN 6701440), and further in view of Togawa (U.S. Patent No. USPN 
6240530). 

The limitation of claim 1 1 are substantially similar to the limitations of claim 6. Thus, 
claim 1 1 is rejected similar to claim 6. 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
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the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Peter Poltorak whose telephone number is (571) 272- 
3840. The examiner can normally be reached Monday through Thursday from 9:00 
a.m. to 4:00 p.m. and alternate Fridays from 9:00 a.m. to 3:30 p.m 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, KambizZand can be reached on (571) 272-3811. The fax phone number 
for the organization where this application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information, for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 





